NIST’s Post-Quantum Cryptography Roadmap: What to Do Now (2025–2035) CyberDudeBivash Authority Brief • Date: September 20, 2025 (IST)
Executive summary NIST has moved from research to deployment mode on post-quantum cryptography (PQC). Three PQC standards are already finalized— FIPS 203 (ML-KEM) , FIPS 204 (ML-DSA) , and FIPS 205 (SLH-DSA) —and NIST selected HQC in March 2025 as a backup KEM to diversify against single-family risk. NIST +3 NIST Computer Security Resource Center +3 NIST Computer Security Resource Center +3 For migration guidance, NIST published an expected transition approach (IR 8547) and an NCCoE Migration to PQC practice guide (SP 1800-38 draft), while the U.S. government mandated crypto inventories via OMB M-23-02 . Outside the U.S., timelines (e.g., UK NCSC guidance) converge on finishing migrations by ~ 2035 , with many U.S. national-security systems targeting 2030–2033 milestones under CNSA 2.0 . Net: the window to plan, pilot, and phase-in is now . U.S. Department of War +4 NIST Computer Security Resource Center +4 nccoe.nist.gov +4 Why this matters (quick context) Harvest...